Abstract. Boolean optimization finds a wide range of application domains, which has motivated a number of different organizations of Boolean optimizers since the mid 90s. Some of the most successful approaches are based on iterative calls to an NP oracle, using either linear search, binary search or the identification of unsatisfiable sub-formulas. The increasing use of Boolean optimizers in practical settings raises the question of confidence in computed results. For example, the issue of confidence is paramount in safety critical settings. One way of increasing the confidence of the results computed by Boolean optimizers is to develop techniques for validating the results. Recent work studied the validation of Boolean optimizers based on branch-and-bound search [18,17]. This paper complements existing work, and develops methods for validating Boolean optimizers that are based on iterative calls to an NP oracle. This entails implementing solutions for validating both satisfiable and unsatisfiable answers from the NP oracle. The work described in this paper can be applied to a wide range of Boolean optimizers, which find application in Pseudo-Boolean Optimization and in Maximum Satisfiability. Preliminary experimental results indicate that the impact of the proposed method in overall performance is negligible.

1 Introduction

The remarkable advances of Boolean Satisfiability (SAT) algorithms in past 
years, motivated their widespread use in many practical applications. Moreover, 
some applications require the Boolean algorithms to optimize some cost function 

(e.g. US], m)- 

These practical applications depend on correct results computed by Boolean 
optimizers to fulfill their objective. One way of increasing the confidence in 
the results computed, is to develop techniques for validating the results. In the 
context of (pure) SAT, validation of unsatisfiable answers has been addressed by 
Zhang & Malik [35], whereas the validation of satisfiable answers corresponds 
just to a check if the returned assignment satisfies all the clauses. Certified 
validation of SAT has been considered in [H] . 

Validation of Boolean optimizers has been studied recently [18,17]. However, this work covers only Boolean optimizers that are based on branch-and-bound search, e.g. BSOLO [H]. Nevertheless, many state of the art Boolean optimizers are based on iterative calls to a SAT solver. For example, minisat+ [S], sat4j [g (-pb,-maxsat), PBS [T], pueblo [50], msuncore [24,23,22], PM2 g], WPM1 I1], WMSU1 HI.

This paper develops methods for validating the results computed by Boolean 
optimizers, that are based on iterative calls to a SAT solver. The idea is to 
allow for an independent checker to receive the information returned by the 
Boolean optimizers and validate the result. The paper shows that, to improve 
the efficiency of the solution checking process, it is unnecessary for the checker 
to validate all the iterations of the solver, which can be as many as the number 
of clauses. This result is general and, as the paper shows, holds for most Boolean 
optimization algorithms based on iterative calls to a SAT solver. Moreover, the 
paper shows that, similarly to SAT, the time to check MaxSAT solutions is in 
general negligible when compared with the time the algorithms take to compute 
the optimum solution. 

The paper is organized as follows. Section 2 introduces Boolean optimization problems and describes three iterative approaches currently used by Boolean optimizers. Section 3 presents our methods of validation of the results returned. Experimental results with our methods of validation are shown in Section 4 and the paper concludes in Section 5.

2 Preliminaries 

This section describes Boolean optimization problems and the notation used in 
the paper. First, Boolean optimization problems are introduced, followed by a 
brief introduction to the different iterative algorithms to solve Boolean optimiza- 
tion problems. Familiarity with the basic concepts of Boolean variables, literals, 
clauses, conjunctive normal formula (CNF), etc, is assumed, but additional de- 
tail can be found for example in [7]. A CNF formula can be viewed either as a 
conjunction of clauses or as a set of clauses. Similarly, a clause can be viewed as 
a disjunction of literals or as a set of literals. 

The Boolean optimization problems described in this section can be seen as optimization extensions of the propositional satisfiability problem (SAT). The SAT problem is the problem that, given a CNF formula $\varphi$ on a set of Boolean variables, determines one assignment $\sigma$ to the variables such that $\sigma$ satisfies $\varphi$, if such $\sigma$ exists. Otherwise UNSATISFIABLE is reported.

This work considers three different Boolean optimization problems: the MinCost SAT problem [12], the Pseudo-Boolean optimization problem (PBO) [28] and the Maximum Satisfiability problem (MaxSAT) [20]. The MinCost SAT problem has as input a CNF formula $\varphi = \bigwedge_{j} \omega_j$, and a cost function represented as in Equation (1), where each $c_i$ is a constant and literal $l_i$ is either variable $x_i$ or the negated variable $\bar{x}_i$. The goal in MinCost SAT is to determine a satisfying assignment $\sigma$ for $\varphi$ that minimizes the value of the cost function.




(1) 



The Pseudo-Boolean Optimization problem (PBO) also considers a cost function (also called the objective function), but PBO does not consider the formula $\varphi$ to be in CNF format. Instead in PBO, the constraints are linear^1 inequations of pseudo-Boolean variables, that is, the variables have either value 0 or 1. An instance of PBO can be formulated as in Equation (2).

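$$
\begin{array}{lll}
\min: & \sum_{i=1}^{n} c_i x_i & \\
\text{s.t.} & \sum_{i=1}^{n} a_{ij} x_i \ge b_j, & 1 \le j \le m \\
& a_{ij}, b_j, c_i \in \mathbb{Z} & \\
& x_i \in \{1, 0\} &
\end{array}
\qquad (2)
$$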



The last Boolean Optimization problem considered is the Maximum Satisfiability (MaxSAT) problem, which given a CNF formula $\varphi = \bigwedge_{j} \omega_j$ consists of identifying an assignment $\sigma$ that satisfies the maximum number of clauses of $\varphi$. MaxSAT can be represented as in Equation (3). Typically in MaxSAT the given formula $\varphi$ is unsatisfiable (otherwise MaxSAT corresponds to the SAT problem). Note also that despite the MaxSAT problem being defined in terms of the maximum number of satisfied clauses, current MaxSAT solvers report as solution the minimum number of unsatisfied clauses^2. The maximum number of satisfied clauses is then obtained by subtracting from the total number of clauses, the minimum number of unsatisfied clauses.

$$
\sum_{i} a_i, \qquad a_i = \begin{cases} 1 & \text{if } \sigma(\omega_i) = \text{true} \\ 0 & \text{otherwise} \end{cases} \qquad (3)
$$

Several variants of MaxSAT can be considered, namely partial MaxSAT, weighted MaxSAT and weighted partial MaxSAT. In partial MaxSAT some of the clauses of $\varphi$, called the hard clauses, must be satisfied by $\sigma$. By opposition, the clauses of $\varphi$ which may or may not be satisfied by $\sigma$ are called soft clauses. Thus, the objective in partial MaxSAT is to determine $\sigma$ that satisfies all the hard clauses of $\varphi$, and maximizes the number of satisfied soft clauses of $\varphi$, if such $\sigma$ exists. If no $\sigma$ is able to satisfy the hard clauses of $\varphi$, then UNSATISFIABLE is returned.

In weighted MaxSAT each clause is associated to a weight that represents the 
cost of satisfying the clause. The objective is to maximize the sum of the weights 
of the satisfied clauses. Weighted partial MaxSAT combines the previous two. 
The set of clauses is divided in hard and soft clauses, and the soft clauses are 
associated with weights. The objective is to maximize the sum of the weights of 
the satisfied soft clauses while satisfying all the hard clauses. 

This paper focuses on (pure) MaxSAT and partial MaxSAT.

^1 Some of the current work in PBO does not require the constraints or the objective function to be linear. The linear formulation is preferred for readability, but non-linear constraints or a non-linear objective function can be considered.

^2 In the pseudo-codes presented it is the minimum number of unsatisfied clauses that is returned.



Although the Boolean optimization problems have different optimization objectives and different formalisms, it is possible to translate an instance of one problem into the others [3,2,14,22].

Despite only considering these Boolean optimization problems, the methods proposed in this paper for checking computed results can be adapted to other Boolean optimization problems, such as MaxSMT [26,8], MaxASP [27] or Weighted Boolean Optimization (WBO).

2.1 Boolean Optimization Algorithms 

In this section we outline three approaches to solve Boolean optimization prob- 
lems for which in the next section we apply our method of validation. The 
approaches are based on linear search, binary search and (unsatisfiable) core 
guided search. Given that translations between the Boolean optimization prob- 
lems are known, in this section, we concentrate on the problem of MaxSAT for 
presenting the different algorithms. 

The idea of the algorithms presented is to start with a bound for the optimum 
value and create a CNF instance that improves over the given bound. Depending 
on the satisfiability of the created CNF instance, the bound is updated and the 
process is restarted until the optimum value is found. 

Considering the case of MaxSAT, the bound corresponds to the number of clauses that are unsatisfiable. The optimum value is then obtained by subtracting the bound from the total number of clauses. The algorithms consider integer variables $\mu$/$\lambda$ to hold the value of the upper/lower bound (respectively) depending on the type of search.

All the three approaches consider relaxation variables, which are new fresh variables that are added to the clauses of the MaxSAT instance. If $r_i$ is the relaxation variable associated with clause $\omega_i$, then $r_i$ is assigned to true if $\omega_i$ is unsatisfiable. Otherwise, $r_i$ is assigned to false.

Linear Search. The algorithms described in this section perform a linear search on the optimum value. The use of Linear search for MaxSAT was first proposed in 2006 [H].

A new working CNF formula $\varphi_W$ is created to contain all the clauses of the form $(\omega_i \vee r_i)$, where $\omega_i$ is a clause of the MaxSAT instance and $r_i$ is the relaxation variable associated to $\omega_i$. Each iteration adds a cardinality constraint to $\varphi_W$ to constrain the number of relaxation variables assigned to true to be at most a given value. The exact value used in the cardinality is dependent on the type of search. Two types of linear search are possible: either searching through unsatisfiable CNF instances or searching through satisfiable CNF instances. The case of searching through unsatisfiable CNF instances is called Linear Search unsatisfiable-satisfiable, and the algorithm starts by setting a lower bound $\lambda$ to 0. Each iteration for which an unsatisfiable instance is found, $\lambda$ is increased by one. The search proceeds until a satisfied instance is found. The pseudo-code is presented in Algorithm 1.



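input : A CNF formula $\varphi = \omega_1 \wedge \ldots \wedge \omega_n$
$R \leftarrow \{r_i : r_i \text{ associated with } \omega_i \in \varphi\}$;
$\lambda \leftarrow 0$;
while true do
    $\varphi^{card} \leftarrow \mathrm{CNF}(\sum_{r \in R} r \le \lambda)$;
    $st \leftarrow \mathrm{SAT}(\varphi_W \cup \varphi^{card})$;
    if $st$ = SATISFIABLE then
        return $\lambda$;
    else
        $\lambda \leftarrow \lambda + 1$;
    end
end

Algorithm 1: Linear Search unsatisfiable-satisfiable for MaxSAT

input : A CNF formula $\varphi = \omega_1 \wedge \ldots \wedge \omega_n$
$R \leftarrow \{r_i : r_i \text{ associated with } \omega_i \in \varphi\}$;
$\mu \leftarrow n$;
while true do
    $\varphi^{card} \leftarrow \mathrm{CNF}(\sum_{r \in R} r < \mu)$;
    $(st, \sigma) \leftarrow \mathrm{SAT}(\varphi_W \cup \varphi^{card})$;
    if $st$ = SATISFIABLE then
        $\mu \leftarrow \sum_{i=1}^{n} \sigma(r_i)$;
    else
        return $\mu$;
    end
end

Algorithm 2: Linear Search satisfiable-unsatisfiable for MaxSAT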



The case of searching through satisfiable CNF instances is called Linear Search satisfiable-unsatisfiable. The algorithm uses an upper bound $\mu$ which initially is set to the total number of clauses. Each iteration, for which $\varphi_W$ is found satisfiable, decreases $\mu$ by the number of relaxation variables assigned to true. The number of relaxation variables assigned to true is obtained through the assignment $\sigma$ returned by the SAT solver on satisfiable instances.

The search stops when an unsatisfiable instance is found. The pseudo-code is presented in Algorithm 2. An example of a MaxSAT solver that uses Linear Search satisfiable-unsatisfiable is SAT4j-maxsat [3].

Binary Search. The algorithm presented in this section is similar to the Linear search algorithms, but performs a binary search on the value of the bound instead.

Binary Search uses both an upper bound $\mu$ and a lower bound $\lambda$, and iteratively creates and solves a CNF instance that includes a constraint relating the cost function with a middle value $\tau$.



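input : A CNF formula $\varphi = \omega_1 \wedge \ldots \wedge \omega_n$
$R \leftarrow \{r_i : r_i \text{ associated with } \omega_i \in \varphi\}$;
$\mu \leftarrow n$;
while ($\mu > \lambda + 1$) do
    $\tau \leftarrow$ middle value of $[\lambda, \mu]$;
    $\varphi^{card} \leftarrow \mathrm{CNF}(\sum_{r \in R} r \le \tau)$;
    $(st, \sigma) \leftarrow \mathrm{SAT}(\varphi_W \cup \varphi^{card})$;
    if $st$ = SATISFIABLE then
        $\mu \leftarrow \sum_{i=1}^{n} \sigma(r_i)$;
    else
        $\lambda \leftarrow \tau$;
    end
end
return $\mu$;

Algorithm 3: Binary search for MaxSAT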

The algorithm is shown in Algorithm 3. The relaxation variables and the working formula are created as in the previous linear algorithms. In each iteration the middle value of $[\lambda, \mu]$ is assigned to $\tau$ and the set of clauses that constrains the sum of the relaxation variables to be at most $\tau$ is fed to the SAT solver, together with the working formula. If the SAT solver returns SATISFIABLE, then $\mu$ is updated to the number of relaxation variables assigned to true by the assignment $\sigma$ returned by the SAT solver. Otherwise, $\lambda$ is updated to $\tau$. The search stops when $\mu$ and $\lambda$ differ in one unit, in which case, the maximum number of satisfiable clauses is the number of original MaxSAT clauses minus $\mu$.

The use of binary search for PBO has been discussed [7]. Moreover, binary 
search has been recently used for solving Boolean optimization problems in the 
context of SMT [8], where the authors developed a theory of costs SMT(C) and 
SMT(C U T), and propose to solve PBO, MaxSAT and MaxSMT by encoding 
the problems into SMT(C) (and SMT(C U T) for MaxSMT). 

Core Guided Search. Another type of search used for Boolean optimization is based on the generation of unsatisfiable cores. An unsatisfiable core (or simply core) is a sub-formula of the original CNF formula that is unsatisfiable [32]. Current SAT solvers are able to return cores for unsatisfiable instances (which are regarded as a reason for the unsatisfiability of the instance).

The use of unsatisfiable cores for solving (partial) MaxSAT was first proposed in 2006 [m with the MSU1.0 algorithm. The idea of MSU1.0 is to iteratively eliminate unsatisfiable cores of the problem instance, computed by a SAT solver, by adding new relaxation variables to the clauses and adding new constraints to constrain the sum of these relaxation variables to be equal to one.

Recently, several new MSU algorithms [23,24], PM2 algorithm [J, WPM2 [5], bin-core and bin-core-disjoint [H] have been proposed. The differences of the algorithms include the number of cardinality constraints used, the encoding of the cardinality constraints, the number of relaxation variables considered for each clause and how the algorithm proceeds (despite being all based on the generation of cores).

input : A CNF formula $\varphi = \omega_1 \wedge \ldots \wedge \omega_n$
$\lambda \leftarrow 0$;
while true do
    $\varphi^{card} \leftarrow \mathrm{CNF}(\sum_{r \in R} r \le \lambda)$;
    $(st, \varphi_C) \leftarrow \mathrm{SAT}(\varphi_W \cup \varphi^{card})$;
    if $st$ = SATISFIABLE then
        return $\lambda$;
    else
        $\lambda \leftarrow \lambda + 1$;
        foreach $\omega \in \varphi_C$ do
            if $\omega$ has no relaxation variable then
                $r$ is a new relaxation variable
                $R \leftarrow R \cup \{r\}$;
                $\omega_r \leftarrow \omega \cup \{r\}$;
                $\varphi_W \leftarrow \varphi_W \setminus \{\omega\} \cup \{\omega_r\}$;
            end
        end
    end
end

Algorithm 4: Simplified MSU3

In the following we consider a representative algorithm for this class of algorithms. We consider a simplified version of the MSU3 [24] algorithm, which is depicted in Algorithm 4. Instead of relaxing all the (soft) clauses as in previous algorithms, the set of clauses that are allowed to be relaxed in one iteration is dependent on the cores reported in the previous iterations. Initially, no clause is allowed to be relaxed, thus the set of all relaxed variables $R$ is empty and the working formula $\varphi_W$ is the same as the original formula.

In each iteration the SAT solver is called with the working formula and an AtMost constraint on the number of relaxed variables. If the SAT solver returns UNSATISFIABLE then a new core $\varphi_C$ is available. $\lambda$ is increased by one and each original (soft) clause in the core receives a new relaxation variable, if it does not have one yet. Otherwise, the optimum has been found.

3 Validating Boolean Optimizers 

Validating the results provided by a solver is a recurrent problem in applications that rely on correct results for their operation (e.g. [16,29]). If a SAT solver returns an assignment and reports it to be SATISFIABLE, then to check if the assignment is indeed a satisfying assignment, it is enough to go through each clause, and check if the clause is satisfied by the assignment. If all the clauses are satisfied, then the assignment is a satisfying assignment. Otherwise, the result is incorrect.

Similarly, it is necessary to validate UNSATISFIABLE outcomes. In 2003, Zhang & Malik proposed an independent resolution based checker that takes the trace produced by the solver and checks the correctness of the result. Goldberg et al. [13] consider a procedure for the verification of unsatisfiable formulas and in 2009 Weber et al. [21] proposed the use of a HOL theorem prover to verify the proofs of unsatisfiability given by minisat [10] and zchaff [25].

In the context of Boolean optimization, the solver needs to provide the optimum value it has found and certificates that the value is correct. Recently, Larrosa et al. [18,17] showed how to generate proofs of optimality for branch-and-bound procedures that corresponds to a lower-bound certificate and a model to the optimization problem.

This section shows how to modify the algorithms described in the previous section, so that their results can be validated. The objective is to instrument Boolean optimizers to return a uniform certificate with the minimal information that allows an independent checker to validate the result. Two methods of validation are proposed.

3.1 Method 1 

All the algorithms of the previous section are based on iteratively searching
through CNF instances, either satisfiable or unsatisfiable. The value being opti- 
mized is encoded in the CNF instances. The first method to validate the result 
returned by these algorithms is to consider the value encoded and the results re- 
turned by the SAT solver for all iterations, that is, to validate the result returned 
by the SAT solver for each iteration. 

For validation of iterations with satisfiable CNF instances, the solvers report the value that is being tested and the satisfiable assignment returned by the SAT solver. For example, consider the Linear search algorithm going through unsatisfiable instances of the previous section and an instance $\varphi$. Suppose that the algorithm runs for three iterations (all with unsatisfiable results) and that on the fourth iteration the SAT solver reports the instance to be satisfiable. The algorithm would report for the fourth iteration the bound $\lambda = 3$, meaning that the total number of satisfied clauses is the number of clauses minus 3, together with the satisfying assignment. In this case, the check needs only to verify that there are exactly three clauses that are not satisfied by the assignment reported.

For the case of unsatisfiable CNF instances, the Boolean optimizers need 
only to report the trace produced by the SAT solver (as in the case of checking 
unsatisfiability of SAT solvers [32]). 

An independent checker receives the information of the satisfiable iterations, which we call the satisfiable certificates, and the traces of the unsatisfiable iterations (the unsatisfiable certificates), and validates the result. The checker verifies that the satisfiable certificates are correct, that is, the assignment is a satisfiable assignment and satisfies the value reported. For the unsatisfiable certificates the checker proceeds as current resolution checkers of SAT solvers in unsatisfiable instances as in Zhang & Malik [52].

Example 1. Consider the following partial MaxSAT formula:

Soft Clauses: $(\neg x_1)(\neg x_2)(\neg x_3)(\neg x_4)(\neg x_5)$

Hard Clauses: $(x_1 \vee x_2)(x_2 \vee x_3)(x_3 \vee x_4)(x_4 \vee x_5)(x_1 \vee x_5)$

Consider for the example a Linear search algorithm. A correct Linear search algorithm going through unsatisfiable instances would start by relaxing the five soft clauses and then perform four iterations. The first three iterations (with $\lambda = 0, 1, 2$) would each report an unsatisfiable certificate, while the last iteration (with $\lambda = 3$) would report a satisfiable certificate.

The checker using the previous method 1 would have to validate the four 
certificates. 

3.2 Method 2 

Given that the iterations of the approaches described for Boolean optimization converge to the optimum value through satisfiable and unsatisfiable instances, then in the second method of validation, not all the certificates of all the iterations are checked. In fact, the checker needs only to validate the last satisfiable iteration and the last unsatisfiable trace produced. This can easily be seen for the Linear Search algorithms of Section 2.1. Consider a run of the Linear search algorithm moving through unsatisfiable instances. In terms of the variable $\lambda$ and the status returned by the SAT solver $st$, the run of the Linear search algorithm looks like the following:

    $\lambda = 0$        st: UNSATISFIABLE;
    ...
    $\lambda = k - 1$    st: UNSATISFIABLE;
    $\lambda = k$        st: SATISFIABLE

The last unsatisfiable iteration has $\lambda = k - 1$. If we check that the SAT solver returned the correct unsatisfiable result for the formula $\varphi_W \cup \mathrm{CNF}(\sum_{r \in R} r \le k - 1)$ of the last unsatisfiable iteration, then we are assured that any of the previous iterations with $\lambda < k - 1$ are all unsatisfiable. This is true because the formula $\varphi_W$ and the set of relaxation variables remains the same between iterations, and thus the set of solutions of the constraint $(\sum_{r \in R} r \le \lambda)$, with $\lambda < k - 1$, is included in the set of solutions of the constraint $(\sum_{r \in R} r \le k - 1)$. Only one satisfiable iteration exists with $\lambda = k$, which corresponds to the optimal value.



In the case of the Linear search algorithm going through satisfiable instances, it is also easy to demonstrate that it is enough to check the certificates of the last satisfiable and the last unsatisfiable iterations. Consider a run of the Linear search algorithm going through satisfiable instances. As before, we consider the iterations in terms of the variable $\mu$ and the status returned by the SAT solver $st$. Consider w.l.o.g. the worst case scenario where the assignment returned $\sigma$ always decreases $\mu$ by one unit. Then a run of the Linear search algorithm (through satisfiable instances) looks like the following:

    $\mu = n$            st: SATISFIABLE;
    ...
    $\mu = n - k + 1$    st: SATISFIABLE;
    $\mu = n - k$        st: UNSATISFIABLE

There is only one unsatisfiable iteration with $\mu = n - k$ and it corresponds to the last unsatisfiable certificate.

The last satisfiable iteration has $\mu = n - k + 1$ (the optimum value). If we check that the SAT solver returned the correct satisfiable result for the formula $\varphi_W \cup \mathrm{CNF}(\sum_{r \in R} r \le n - k + 1)$ of the last satisfiable iteration, then we are assured that for greater values of $\mu$, the formula is still satisfiable. The reasons for this are analogous to the previous case of Linear search going through unsatisfiable instances.

The case of the Binary search algorithm of Section 2.1 is similar to the Linear search algorithms but using $\mu$ and $\lambda$. The algorithm terminates with $\mu = \lambda + 1$, and as in the Linear search algorithms the last unsatisfiable and the last satisfiable iterations will subsume the other iterations, for analogous reasons.

Example 2. Consider one more time the instance of the previous Example 1.

A checker using method 2 for validating would not have to validate all the 
unsatisfiable certificates. Instead, using method 2 would save the checker from 
validating the first two unsatisfiable certificates. Only the last unsatisfiable cer- 
tificate and the satisfiable certificate would have to be validated. 

An interesting case for validating is the case of the simplified MSU3 algorithm, which changes its set of relaxation variables while it is changing the bound $\lambda$. Due to the change of the set of relaxation variables it is not possible to consider only the last satisfiable certificate and the last unsatisfiable certificate as in the other algorithms.

For example, consider the MaxSAT instance $\{(x) \wedge ()\}$ which has an optimum value of $\lambda = 1$. Consider also a buggy simplified MSU3 solver with the following run:

    $\lambda = 0$    st: UNSATISFIABLE    core: $\{(x)\}$;
    $\lambda = 1$    st: UNSATISFIABLE    core: $\{()\}$;
    $\lambda = 2$    st: SATISFIABLE      $\sigma = \{x = r_1 = r_2 = 1\}$

On the first iteration, the solver correctly returns UNSATISFIABLE but with the wrong core $\{(x)\}$. Clause $(x)$ is augmented with the relaxation variable $r_1$, being transformed into $(x \vee r_1)$. Thus on the second iteration the solver tests the satisfiability of the CNF instance $\{(x \vee r_1) \wedge () \wedge \mathrm{CNF}(r_1 \le 1)\}$, and returns UNSATISFIABLE with the core $\{()\}$. Clause $()$ is relaxed with relaxation variable $r_2$, which becomes $(r_2)$. Finally on the third iteration the solver tests the satisfiability of the instance $\{(x \vee r_1) \wedge (r_2) \wedge \mathrm{CNF}(r_1 + r_2 \le 2)\}$, and reports SATISFIABLE with an assignment $\sigma = \{x = r_1 = r_2 = 1\}$ and $\lambda = 2$.

The last unsatisfiable certificate and the last satisfiable certificate are both correct and yet the result is wrong. This example shows that when modifying the set of relaxation variables, it is not enough to check the last two certificates. An additional test is required, to test that among all possible (soft) clauses to relax, the value reported is minimal. This can be achieved by creating a new instance with all (soft) clauses relaxed together with a new constraint that encodes the sum of all relaxation variables being strictly smaller than the result returned by the Boolean optimization solver.

In the previous example the checker would validate both the last satisfiable and unsatisfiable certificates and make the test that the CNF instance $\{(x \vee r_1) \wedge (r_2) \wedge \mathrm{CNF}(r_1 + r_2 < 2)\}$ is unsatisfiable. The SAT solver would report the instance to be satisfiable, with the satisfying assignment $\{x = r_2 = 1, r_1 = 0\}$, and the checker would report the MaxSAT solver to have an incorrect result.

Notice that we could have restricted the original satisfying assignment $\sigma$ (reported on the satisfiable certificate) to an assignment $\sigma'$ containing only assignments to the original variables ($\sigma' = \{x = 1\}$) and then counted the number of clauses which are not satisfied by original variables. The obtained value could then be compared with the reported $\lambda$. For the previous example we would have obtained that only one clause is unsatisfied, thus realizing that the reported $\lambda = 2$ is not minimal. But this is not always the case: if the reported $\sigma$ was instead $\sigma = \{x = 0, r_1 = r_2 = 1\}$, then the number of clauses not satisfied by original variables would also be two as $\lambda$, thus still requiring the additional test to verify that the reported $\lambda$ is minimal.

The correctness of the second method of validation can be summarized in 
the following propositions. 

Proposition 1 (Validation of Linear/Binary Search).

The result of a Boolean Optimizer based on Linear search or on Binary search is correct if and only if the last unsatisfiable certificate and the last satisfiable certificate are validated.

Proposition 2 (Validation of the Simplified MSU3).

The result of the simplified MSU3 algorithm is correct if and only if the last unsatisfiable certificate (of the modified problem instance) and the last satisfiable certificate are validated together with the validation that the value returned is minimal.
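
The checks behind Propositions 1 and 2, run on the clauses of Example 1 and on the buggy simplified MSU3 run, as an added example that is not the authors' checker. It assumes DIMACS-style integer literals, evaluates the cardinality constraint directly instead of encoding it as CNF, and uses exhaustive enumeration where the paper's checker would replay the SAT solver's resolution trace; all function names are hypothetical.

```python
from itertools import product

def holds(clause, assign):
    """True if some literal (DIMACS-style int) is true; the empty clause never holds."""
    return any(assign[abs(lit)] == (lit > 0) for lit in clause)

def check_sat_certificate(clauses, relax, assign, bound):
    """Satisfiable certificate: every clause holds and at most `bound`
    relaxation variables are assigned true."""
    return (all(holds(c, assign) for c in clauses)
            and sum(assign[r] for r in relax) <= bound)

def find_model(clauses, nvars, relax, bound):
    """Exhaustive search over variables 1..nvars; returns a model or None."""
    for bits in product((False, True), repeat=nvars):
        assign = dict(enumerate(bits, start=1))
        if check_sat_certificate(clauses, relax, assign, bound):
            return assign
    return None

def check_unsat_certificate(clauses, nvars, relax, bound):
    """Assumption: enumeration stands in for replaying the resolution trace."""
    return find_model(clauses, nvars, relax, bound) is None

def relax_all(hard, soft, nvars):
    """Working formula with one fresh relaxation variable per soft clause."""
    relax = [nvars + i + 1 for i in range(len(soft))]
    working = [list(c) for c in hard]
    working += [list(c) + [r] for c, r in zip(soft, relax)]
    return working, relax

def validate_fixed_relaxation(hard, soft, nvars, value, assign):
    """Proposition 1 (linear/binary search): the satisfiable certificate at
    `value` and the unsatisfiable one at `value - 1`, same working formula."""
    working, relax = relax_all(hard, soft, nvars)
    total = nvars + len(relax)
    return (check_sat_certificate(working, relax, assign, value)
            and check_unsat_certificate(working, total, relax, value - 1))

def validate_msu3(hard, soft, nvars, value, last_unsat, last_sat):
    """Proposition 2: both last certificates plus the minimality test, which
    relaxes every soft clause and allows fewer than `value` relaxations."""
    working, relax = relax_all(hard, soft, nvars)
    total = nvars + len(relax)
    return {
        "last_unsat": check_unsat_certificate(*last_unsat),
        "last_sat": check_sat_certificate(*last_sat),
        "minimal": check_unsat_certificate(working, total, relax, value - 1),
    }

# Example 1 of the text: variables 1..5 are x1..x5, 6..10 are r1..r5.
EX1_SOFT = [[-1], [-2], [-3], [-4], [-5]]
EX1_HARD = [[1, 2], [2, 3], [3, 4], [4, 5], [1, 5]]
# Constructed certificate: x1 = x3 = x4 = true, hence r1 = r3 = r4 = true.
EX1_ASSIGN = {v: v in (1, 3, 4, 6, 8, 9) for v in range(1, 11)}

def check_example_1(value):
    """Method 2 applied to a solver that reports `value` for Example 1."""
    return validate_fixed_relaxation(EX1_HARD, EX1_SOFT, 5, value, EX1_ASSIGN)

def check_buggy_msu3():
    """The buggy run on {(x), ()}: x is 1, r1 is 2, r2 is 3, reported value 2."""
    last_unsat = ([[1, 2], []], 2, [2], 1)   # (x v r1), (), r1 <= 1
    last_sat = ([[1, 2], [3]], [2, 3], {1: True, 2: True, 3: True}, 2)
    return validate_msu3([], [[1], []], 1, 2, last_unsat, last_sat)

if __name__ == "__main__":
    print(check_example_1(3), check_example_1(4))
    print(check_buggy_msu3())
```

In the MSU3 case both last certificates pass and only the minimality test rejects the reported value, which is the situation Proposition 2 covers.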

4 Experimental Results 

This section presents experimental results on checking MaxSAT solutions computed with Binary Search algorithm. The methods outlined in the paper could be used with the other Boolean optimization approaches studied in this paper. Two types of results are presented. The first type of results show the CPU times of the solver with and without the generation of the certificates. The second type of results concentrate on checking all the certificates versus checking just one certificate. All the results obtained are for the Binary Search algorithm described in Section 2.1. The nine instances used in the results were obtained from the 2009 MaxSAT evaluation, and represent partial MaxSAT instances. A Mac Pro server with 8GByte of physical memory and a 2.93GHz processor was used for the experiments. All run times are in seconds.

Instance                              Opt. Value  Bin Search  Bin Search-GC  Check All  Check One
simp-unif-100_100.09.wcnf                     26        1.58           1.67       0.17       0.01
simp-ibd_50.03.wcnf                           54        6.04           6.62       1.34       0.01
normalized-aim-100-1_6-yes1-1.wcnf           100        2.07           2.12       0.02       0.02
normalized-aim-200-1_6-yes1-2.wcnf           200       11.28          11.34       0.04       0.04
normalized-ii8a1.wcnf                         54       37.07          43.15      23.42       0.07
normalized-jnh1.wcnf                          92        8.39           9.25       2.05       0.07
normalized-jnh213.wcnf                        92        3.02           3.11       0.31       0.02
normalized-jnh7.wcnf                          89        3.95           4.23       0.76       0.01
normalized-par8-1.wcnf                       350       41.48          41.47       0.22       0.22

Table 1. Run and checking times for the Binary Search algorithm

The values in the columns Bin Search and Bin Search-GC of Table 1 show the running times of the two versions of the solver, with and without the generation of certificates. The table also shows the optimum value for each problem instance. As can be concluded, there can be a difference in run times between generating and not generating certificates. Similar conclusions were observed in [18,17].

The values in the columns Check All and Check One of Table 1 represent the running times of checking all the unsatisfiability certificates, and of checking just the last unsatisfiable certificate^3. From the results we can conclude that, as expected, checking only the last unsatisfiable certificate can result in significant savings in terms of run times. For example, checking normalized-ii8a1.wcnf becomes two orders of magnitude faster than considering all the certificates. Similar conclusions can be drawn for most of the other benchmarks shown. Nevertheless, some instances show the same time on checking all or just one. This happens on instances with just one unsatisfiable iteration, thus just one unsatisfiable certificate to check. The results allow concluding that the ability to check just one unsatisfiable certificate and one satisfiable certificate can result in important performance improvements when checking the results of Boolean optimization solvers.



^3 The running time of checking the satisfiable certificate is negligible and was not considered in either approach.



5 Conclusions and Future Work 



This paper investigates solutions for checking the results computed by Boolean 
optimizers, which are based on iterative calls to a SAT solver. Hence, the pa- 
per complements recent work on generating certificates for branch-and-bound 
Boolean optimization algorithms. The paper overviews all existing algorithms 
based on iterative calls to a SAT solver, and shows that, for all these algorithms, 
it suffices to check one unsatisfiability proof and one satisfiable certificate. Exper- 
imental results indicate that the overhead of checking the solutions computed 
by Boolean Optimization algorithms is negligible. Simple implementation im- 
provements to the work described in the paper include eliminating altogether 
proof tracing, only recreating proof tracing for the (then known) last unsatisfia- 
bility proof. This provides additional performance improvements over solutions 
that might check all unsatisfiability proofs. Additional research work consists in 
developing solution checking approaches for Max-SMT [26] and Max-ASP [27].